[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[minion-cvs] Several days worth of hacking. Highlights: Key rotatio...
Update of /home/minion/cvsroot/src/minion/etc
In directory moria.mit.edu:/tmp/cvs-serv2846/etc
Modified Files:
mixminiond.conf
Log Message:
Several days worth of hacking. Highlights: Key rotation, robust queues.
TODO:
- Update status, add time estimates
- Break down directory work
etc/mixminiond.conf:
- Rename PublicKeySloppiness to PublicKeyOverlap
*:
- Whitespace normalization
ClientMain:
- Improve path syntax to include ?, *n, Allow choice-with-replacement
- Use new readPickled functionality from Common
- Add -n argument for flush command
- Add default-path options to ClientConfig
- Be more specific about causes of failure when flushing; be more specific
about # messages flushed.
- Remove --swap-at option: now path syntax is adequate.
Config, ClientMain, Common:
- Change duration from a 3-tuple to an independent class. Now we
can say duration.getSeconds() rather than duration[2], which makes
some stuff more readable.
Common:
- Debug checkPrivateFile
- Add AtomicFile class to help with standard create/rename pattern.
- Add readPickled/writePickled wrappers
MMTPClient:
- Document PeerCertificateCache
Packet:
- Correct documentation on overflow, underflow.
benchmark:
- Improve format of printed sizes
- Improve pk timing; time with bizarre exponent.
- Add Timing for ServerQueues
test:
- Add tests for encodeBase64
- Correct tests for new DeliveryQueue implementation
- Add tests for checkPrivateFile
- Revise tests for _parseInterval in response to new Duration class.
- Add tests for generating new descriptors with existing keys
- Fix test for directory with bad signature: make it fail for the
right reason
- Deal with new validateConfig in Module
- Add test for scheduler.
- Tests for new path selection code
testSupport:
- Module code uses new interface
EventStats:
- Document, clean
MMTPServer:
- Better warning on TLSClosed while connecting.
- Document new functionality
Modules:
- validateConfig function no longer needs 'sections' and 'entries':
make it follow the same interface as other validation fns
- _deliverMessages: use new DeliveryQueue interface
PacketHandler:
- Always take a list of keys, never a single one.
ServerConfig:
- Refactor validateRetrySchedule
- Use new Duration class
- Rename PublicKeySloppiness to PublicKeyOverlap
ServerKeys: ***
- Implement key rotation:
- Notice when to add and remove keys from PacketHandlers, MMTPServer
- Set keys in packethandlers, mmtpserver
- Note that 512-bit DH moduli are kinda silly
- More code and debugging for descriptor regenration
ServerMain:
- Documentation
- Key rotation
- Respond to refactoring in DeliveryQueue
- Use lambdas to wrap EventStats rotation
- Separate reset method
- Remove obsolete commands
ServerQueue: ***
- Refactor DeliveryQueue so that it has a prayer of working: Keep
message delivery state in a separate file, and update separately.
Remember time of queueing for each method, and last attempted
delivery; n_retries is gone. This allows us to change the retry schedule
without putting messages in an inconsistent state.
An earlier version put the state for _all_ queued objects in a
single file: this turned out to be screamingly inefficient.
crypt.c, tls.c:
- Documentation fixes
Index: mixminiond.conf
===================================================================
RCS file: /home/minion/cvsroot/src/minion/etc/mixminiond.conf,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -d -r1.21 -r1.22
--- mixminiond.conf 27 Mar 2003 10:30:59 -0000 1.21
+++ mixminiond.conf 17 May 2003 00:08:41 -0000 1.22
@@ -94,8 +94,7 @@
PublicKeyLifetime: 3 months
# How long after a key rotation should the old key still work?
-# NOT YET FULLY SUPPORTED.
-#PublicKeySloppiness: 5 minutes
+#PublicKeyOverlap: 2 hours
# Use this option to define a 'nickname' for this server that users will
# use as a 'friendlier' version of your identity key. By default, this is